Adobe Sign EU Electronic Signature Law Overview

Overview of electronic signature law in the EU

On July 23, 2014, the European Commission published the electronic identification and trust services
(eIDAS) Regulation as Regulation 910/2014. This regulation establishes a new legal structure for
electronicsignatures, seals and documents throughout the European Union (EU).
On July 1, 2016, eIDAS take effect, replacing the existing EU directive on electronic signatures. Any EU
member state laws that are inconsistent with eIDAS will automatically be repealed orreplaced. For the
first time there will be a consistent legal framework and a single market that recognizes electronic
signatures across all of the EU member states. This will provide the private sector with a predictable
regulatory environment in which to develop and expand the use of electronic signatures and transactions
in the EU.

Background
In 1999, the European Commission published its first electronic signatures directive, 1999/93/EC. Since it
was a directive rather than a regulation, it allowed EU member states to interpret the new law and
impose their own restrictions, limitations and exceptions to it. The result was electronic signature law in
the EU became a patchwork of different laws. By example, Austria and Sweden adopted very strict
versions of the law while other member states, such as the United Kingdom, adopted much more liberal
laws like those in the United States. Worse, none of the member states recognized the other member
states electronic signature laws as valid. This fragmentation undermined the EUs goals of moving
towards a single market.
By 2011, the European Commission decided it wanted to repair these weaknesses and develop a single
European digital market. It conducted a review of electronic signature laws in member states, and in
2014 adopted a new regulation, eIDAS. Key goals were to ensure confidence in electronic signatures and
create mutual recognition of electronic signatures across all member states.

Understanding eIDAS
eIDAS (Regulation 910/2014) is a regulation rather than a directive, so it is not subject to member state
interpretation and modification. This means that when it takes effect in July 2016 there will be a single,
standardized regulation for all 28 member states.
The eIDAS Regulation has two sections. The first section deals with government-issued electronic
identification and establishes a legal framework for all EU member states to mutually recognize each
others identification systems. It targets the public sector and requires member states to permit citizens
from other member states to use their own electronic IDs to access online services. Private sector
companies are not directly impacted by this part of the eIDAS Regulation.
The second section deals with electronic signatures. It clarifies existing rules, but also introduces anew
legal framework for electronic signatures and seals. It does not, however, require service providers to
significantly change the way they work. Instead, eIDAS offers incentives to follow EU rules, by granting
greater legal certainty to services that follow eIDASs rules, which are designed to improve the reliability of
these services.
Impact on electronic signatures
When the eIDAS Regulation takes effect on July 1, 2016, it will not only repeal the existing
electronic signatures directive, but it will also automatically replace any inconsistent national laws
in Europe. Lets explore how some of these changes will affect the status of electronic signatures.
Article 25 of the Regulation maintains the fundamental legal rule that all electronic signatures and
verification services shall be admissible as evidence in legal proceedings. This includes electronic
signatures, seals, time stamps, registered delivery services and certificates for website authentication.
The eIDAS Regulation also includes a more complete definition of the service companies that
provide these electronic signatures, seals and stampscalled Trust Services. It affords a more
cleardefinition of qualified and nonqualified Trust Services than the 1999 Directive, providing
greater detail on the requirements and supervision associated with them. The goal is to increase
confidence in digital transactions by demonstrating their reliability and security, as well as their
clear advantages over handwritten signatures.
There are three types of electronic signatures defined in eIDAS: basic electronic signatures,
Advanced Electronic Signatures and Qualified Electronic Signatures.

Basic electronic signatures

The definition of basic electronic signatures is unchanged under the eIDAS Regulation. The same
fundamental standardthat anelectronic signature shall not be denied legal effect and
admissibility as evidence in legal proceedings solely based on the fact that it is in electronic
formis still the rule.

Advanced Electronic Signatures

The eIDAS Regulation redefines Advanced Electronic Signature (AdES). This signatureas opposed
to the basic electronic signature that is in place under the current directiveallows unique
identification and authentication of the signer of a document and enables the verification of the
integrity of the signed agreement. This requirement is typically met with a type of electronic
signatures commonly known as as digital signatures. The authentication is accomplished through
the issuance of a digital certificate by a Certificate Authority (CA). First, the signer obtains
acertificate from their choice of CAs (there are hundreds of them around the world). Then, during
the signing process, the signers certificate is cryptographically bound to the document using the
private key uniquely held by the signer. This encryption is also used as a tamper-evident seal.
During the validation process, the reciprocal public key is extracted from the signature and used
toboth authenticate the signers identity through trusted CAs and confirm that no changes were
made to the document since it was signed. Although these certificates have existed for many years,
the eIDAS Regulation enables the signer to use the latest technologies, like mobile devices and
cloud services, to accomplish this.

Qualified Electronic Signatures

The final type of signature defined in the eIDAS Regulation is the Qualified Electronic Signature
(QES). While both Advanced and Qualified Electronic Signatures (QES) are uniquely linked to the
signer, Qualified Electronic Signatures are based on qualified certificates. These certificates can
only be issued by a CA that has been accredited and meets the requirements of eIDAS. Qualified
certificates must also be stored on a qualified signature creation device such as a smart card, a USB
token or a cloud-based hardware security module (HSM).
QES are important because they are the only type of signature that will ensure mutual recognition
of its validity by all the EU member states. This mutual recognition is crucial for the creation of the
single digital market across the entire EU.

Electronic seals
The eIDAS Regulation introduces recognition of electronic seals. These are technologically similar
to electronic signatures, but will only be available to legal persons such as corporate entities. This
raises the interesting prospect of minimizing the importance of the authorized signer for a
particular entity. Instead, there will simply be a seal that is associated with that entity and any use
of that seal will be presumed to be binding on that entity.
 Summary
Although the European Commission is still finalizing a few details before the eIDAS Regulation
becomes effective in July 2016, its important for businesses to be aware of how the new regulation
will alter electronic signature law in the EU. Important changes include the unique electronic
identification and the stricter supervisory measures that apply to Trust Services. Qualified
Electronic Signatures should figure prominently in any EU operational plan.

Resources
Thanks to signature laws and regulations around the world, electronic signatures are changing the
way companies do business. Signature and approval processes that once took weeks can now be
completed in days or even minutes. Plus, tracking and managing signed documents is far simpler. For
more information about how to effectively incorporate e-signatures into your companys workflows,
consult these resources:
Global Guide to Electronic Signature Law: Country-by-Country

Developing an effective electronic signature policy

Electronic and digital signature white paper

For more information

Solution details:
https://adobe.com/go/
adobesign

Adobe Systems Incorporated Adobe and the Adobe logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. All
other trademarks are the property of their respective owners.
345 Park Avenue
San Jose, CA 95110-2704 2016 Adobe Systems Incorporated. All rights reserved. Printed in the USA.
USA
www.adobe.com 4/16